> On Mar 25, 2019, at 1:53 PM, Kenneth Goldman <kgold...@us.ibm.com> wrote:
>
>
> $ openssl ec -aes128 <<EOF
>
> This was the piece I was missing. Thanks.
>
> In the script, I used this:
>
> openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem -out
> tmpecprivkey.pem
I try to avoid putting sensitive information in command-line arguments.
If you're using "bash" (which has "printf" as a built-in) you could use:
-passout file:<(printf "rrrr\n")
which does not create any processes with the password in the argument vector.
Example:
$ openssl enc -aes128 -pass file:<(printf "rrrr\n") <<EOF | openssl enc -d
-aes128 -pass file:<(printf "rrrr\n")
> foobar
> EOF
foobar
--
Viktor.
